stackoom
  简体   繁体   中英

Surface the application associated to a Managed Service Identity service principal in AAD app registrations

 原文  2018-08-10 18:14:48       azure/ azure-active-directory/ azure-managed-identity/ azure-security

Question

I've got a service principal in Azure which was created when i turned on Managed Service Identity for one of my Azure assets. I'd like to grant permissions to this SP using the App Registrations area in the portal (I know I can do it with New-AzureADServiceAppRoleAssignment , but I'd like to create an application in this case).

The Service Principal has an associated application whose guid is visible in the Enterprise Applications section of the AAD blade, but that application id isn't visible in the app registrations section and Get-AzureRmADApplication doesn't see it either.

Can I use powershell or the REST API to somehow change make the application associated with the MSI's service principal show up in this area?

1 answers

solution1
 2  2018-08-13 02:35:25

If you enable the MSI, it will create a service principal automatically.

The Service Principal has an associated application whose guid is visible in the Enterprise Applications section of the AAD blade

What you have seen in the Enterprise Applications is also called service principal . You could understand that the Enterprise Application equals service principal.

but that application id isn't visible in the app registrations section and Get-AzureRmADApplication doesn't see it either.

If you create app registration, it will also create a service principal in the Enterprise Applications. But if you enable MSI, there will not be an AD app(app registration). You could not make the Enterprise Application (service principal) show up in the App registration . Also, when you granting permission to an AD app, it essentially grants the permission to the service principal.

For more details about App registration and Service principal, refer to this link .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Service principal or Managed Identity Azure service principal vs managed identity vs (enterprise) application How to use Service Principal/Managed Identity to access Azure App Configuration? Azure App Service is able to use Managed Identity(no app roles) to call another AAD protected App service, Why? I'm having problems authenticating with Managed Service Identity to an Azure App Service secured with AAD How many certificates can be associated with AAD Service Principal? When an application object in app registrations is changed, how to update the service principal that is provisioned from it Authentication difference between using AAD app key and Service Principal Password Azure App Service with User-Assigned Managed Identity crashes application How to reset the password of the Service Principal created for the System Managed Identity in Azure?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM